Overview

The ColdFusion Security Resources project is an organized index of all the ColdFusion security resources on the Internet that would be useful to ColdFusion developers.

Goals

The Security Resources project aims to enable developers to easily find ColdFusion tools and resources regardless of whether they were developed by Adobe, OWASP or the ColdFusion development community.

Tools

Veracode Veracode is a commercial security testing company whose flagship product can test ColdFusion applications.

Hack My CF An online tool that specializes in hacking ColdFusion servers.

FuseGuard A commercial web application firewall for ColdFusion servers.

Security Profile Admin Extension for ColdFusion 10 This tool produces a one page report covering those security options set up during installation. It can be modified for CF 9.

Security Libraries

Java Cryptography Extension It is possible to get stronger cryptography out of ColdFusion by updating the Java Policy files as described here. Ensure that you are adhering to your local government requirements.

Tokenizer Tokenizer encapsulates all the heavy lifting of creating, expiring, checking and removing a unique token from Forms on your site to combat CSRF.